| Summary: | glsa 202003-48 marks nodejs-10.20.1 vulnerable | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Tomáš Mózes
2020-04-18 11:28:54 UTC
Package was marked as vulnerable because have no way to target multiple branches (package needs a at least subslots). There is not much we can do here: We could only ditch the GLSA which will cause that people only updating based on GLSA to not get the NodeJS upgrade. But given that we are now (6 months after the report) at >=12.18 stable, I would keep GLSA and close bug as obsolete. |
